Monday, November 7, 2016

CONTROVERSYPolicy and institutions are questioning the validity of this personal database for 60 million French and should see the light of day as early as 2017…

The file YOUR brings together in a single database (identity, eye color, home address, photo, fingerprints…) holders of a passport and an identity card and regarding potentially nearly 60 million French. – F. LODI/SIPA

Anissa Boumediene

Published on 07.11.2016 17:43

updated the 07.11.2016 17:43

What future emerges for the mégafichier TES ? Passed in secret by decree during the weekend of all saints, the mégafichier gathering the personal data of the French been the subject of sharp criticism since its publication in the official Journal. Holder of the project,
Bernard Cazeneuve ensures that the creation of such a file is justified in the name of administrative simplification, but even in the ranks of the government and institutions such as the French CNIL, the constitution of this enormous database of black cohosh without consulting parliamentary cringe.

That contains the file YOUR and how will it be used ?

Called “electronic Titles” secure information systems ” (TES), this file brings together in a single information database on all passport holders and an id card. The name, the forenames, the date and place of birth, sex, eye color, size, place of residence, the names, surnames, dates and places of birth of parents, nationality, as well as a facial photo, but also fingerprints and an e-mail when it has been provided : all of these data will be included in this mégafichier, which potentially concerns nearly 60 million French. Its official launch is expected on Tuesday in the Yvelines department in the ” pilot “, before its generalization in the whole of France at the beginning of 2017.

On paper, this file is intended in particular to combat counterfeiting and identity theft, thanks to the centralized database and so populated. For its part, the government ensures that the file will not be used for identification of suspects in criminal cases. It may, however, be consulted by the intelligence services, police, and gendarmerie who will argue that their approach is intended to ” prevent violations of the fundamental interests of the Nation “. Some of the data contained in this future database will also be able to be passed on to Interpol or the Schengen system.

Why is it criticized and by whom ?

as Soon as recognised, this mégafichier has been the subject of sharp criticism. Among the first to respond, last Tuesday, the president of the it Commission and freedoms (CNIL) Isabelle Falque-Pierrotin, objected to the creation of a file as sensitive without parliamentary debate.

” It does not seem to us appropriate for a change of this magnitude can be introduced, almost by stealth, “she said by calling the national representation to enter the folder to weigh the” pros and cons “.

The exceptional size of the file, the risk of piracy and, above all, the conditions of its creation, without consultation or parliamentary debate, never ceased to create controversy. This Monday, Axelle Lemaire has called for the suspension of the mégafichier. In an interview with The view, the secretary of State for the Digital lamented, “a major failure” in his establishment, condemning ” an order made soft by the ministry of the Interior, on a Sunday of all saints, in thinking that it would neither seen nor known.” If the secretary of State to Digital, ” this kind of file was a good solution a decade ago “, it now poses a “real security problems” at a time when cyber attacks are a scourge computing on a large scale.

The national digital Council (CNNum), a consultative body, has also called on the government to “
to suspend the implementation “of the file, which leaves” the door open to excesses also likely to be unacceptable “and is” conducive to the misappropriation massive purposes “. Lamenting ” the absence of any consultation prior to the publication of the decree “, he was invited to open a discussion inter-ministerial ” on the subject.

But the world is not opposed to this project. After having criticized in 2012 the project of law of the right to create a mégafichier of the same type, the minister of Justice, Jean-Jacques Urvoas, has estimated that the new file addressed ” to the objective of a fair balance between the protection of the identity of our fellow citizens and the guarantee of public freedoms “. At right, former Prime minister François Fillon (LR) has for its part considered that the new file ” adheres strictly to the rule of law “.

What are the guarantees of protection of the data contained in this file against cyber attacks ?

For the time being, “the way in which this file should be protected has not yet been defined,” says Nicolas Arpagian, author of cyber (al. What do I know ?, ed PUF). But it will be necessary to define strictly who has access and with what rights : consultation, modification or deletion of these data.” In order to avoid any drift, the operating system of the file “would need to provide a strict framework to the identity of the persons who will be able to view and access secure and limited in number,” he continues. Ideally, it should be possible to keep a record of who has accessed the file and on what occasion, in order to empower users “.

To avoid potential cyber attacks, ” it will be necessary to ensure an “air-gap”, that is to say that the file structure is well separated from the internet, recommends Nicolas Arpagian. And to ensure the redundancy of the file : it will not be dependent upon a single version of the file.” Another necessary step to ” compartmentalize the file to ensure that it is not fully corrupted in the event of a cyber attack, he advises. It is the same principle as a boat : it should be of watertight bulkheads to ensure its integrity if a compartment is flooded by the waters “.

Asked Wednesday at the Meeting, Bernard Cazeneuve, has provided that all the safeguards had been taken, and pointed out that the CNIL had considered that the objectives of the file ” were specified, explicit and legitimate “. However, the CNIL has claimed “a further evaluation of the device” and stated its preference for a system of electronic chip in the identity document, which would ” retain biometric data on an individual support exclusively held by the person concerned.”